

distrib > Mandriva > 2009.0 > i586 > by-pkgid > a296c7e3f26a1a56e18e5dd599b426f9 > files > 5


%define rev 1076

%define major 1
%define libname %mklibname apparmor %{major}
%define develname %mklibname apparmor -d

Summary:	AppArmor security framework
Name:		apparmor
Version:	2.1
Release:	%mkrel 1.%{rev}.2
License:	GPL
Group:		System/Libraries
Source0:	apparmor-%{version}-%{rev}.tar.bz2
Source1:        B15_mod_apparmor.conf
Source2:        sbin.rpcbind
Patch:          apparmor-2.1-961-ldflags.patch
Patch1:         apparmor-2.1-961-condreload.patch
BuildRequires:  flex
BuildRequires:  latex2html
BuildRequires:  bison
BuildRequires:  perl-devel
BuildRequires:  libpam-devel
BuildRequires:  apache-devel
BuildRequires:  swig
BuildRequires:  libpanel-applet-2-devel
BuildRequires:  libaudit-devel
BuildRequires:  pkgconfig
BuildRequires:  libdbus-devel
BuildRoot:	%{_tmppath}/%{name}-%{version}-root

AppArmor is a security framework that proactively protects the operating system
and applications from external or internal threats, even zero-day attacks, by
enforcing good program behavior and preventing even unknown software flaws from
being exploited. AppArmor security profiles completely define what system
resources individual programs can access, and with what privileges.

%package -n	%{libname}
Summary:	Main libraries for %{name}
Group:		System/Libraries
License:        LGPL

%description -n	%{libname}
This package contains the AppArmor library.

%package -n	%{develname}
Summary:	Development files for %{name}
Summary(pt_BR):	Arquivos de desenvolvimento para %{name}
Group:		Development/C
Requires:	%{libname} = %{version}
Provides:	libapparmor-devel = %{version}-%{release}
Provides:	apparmor-devel = %{version}-%{release}
Obsoletes:	%{mklibname apparmor 1 -d}

%description -n %{develname}
This package contains development files for %{name}.

%package -n     perl-libapparmor
Summary:        AppArmor module for perl
Group:          Development/Perl
Requires:       %{libname} = %{version}

%description -n perl-libapparmor
This package contains the AppArmor module for perl.

%package        profiles
Summary:        Base AppArmors profiles
License:        GPL
Group:          System/Base
Requires:       apparmor-parser
Requires(post): apparmor-parser

%description profiles
Base AppArmor profiles (aka security policy).

%package        parser
Summary:        AppArmor userlevel parser utility
License:        GPL
Group:          System/Base
Requires(preun): rpm-helper
Requires(post): rpm-helper

%description parser
AppArmor Parser is a userlevel program that is used to load in program
profiles to the AppArmor Security kernel module.

%package -n     pam_apparmor
Summary:        PAM module for AppArmor
License:        GPL
Group:          System/Libraries

%description -n pam_apparmor
The pam_apparmor module provides the means for any pam applications that call
pam_open_session() to automatically perform an AppArmor change_hat operation in
order to switch to a user-specific security policy.

%package        utils
Summary:        AppArmor userlevel utilities
License:        GPL
Group:          System/Base
Obsoletes:      apparmor-docs < 2.1

%description utils
This package contains programs to help create and manage AppArmor

%package -n     apache-mod_apparmor
Summary:        Fine-grained AppArmor confinement for apache
License:        LGPL
Group:          System/Servers

%description -n apache-mod_apparmor
apache-mod_apparmor adds support to apache to provide AppArmor confinement
to individual cgi scripts handled by apache modules like mod_php and mod_perl.
This package is part of a suite of tools that used to be named SubDomain.

%package        dbus
Summary:        D-Bus support for AppArmor
License:        GPL
Group:          System/Servers

%description dbus
D-Bus support for AppArmor.

%package        applet-gnome
Summary:        An AppArmor applet for Gnome
Group:          Graphical desktop/GNOME

%description applet-gnome
This package contains an AppArmor applet for Gnome.

%setup -q -n %{name}-%{version}-%{rev}
pushd changehat/pam_apparmor
%patch -p0 -b .ldflags
pushd parser
%patch1 -p0 -b .condrestart


# library
pushd changehat/libapparmor
%configure --with-perl
cd src
# so including <sys/apparmor.h> in the next builds works
ln -s . sys
# same for <aalogparse/aalogparse.h>
ln -s . aalogparse

# parser
pushd parser

# pam
pushd changehat/pam_apparmor
%make   LDFLAGS="-L../libapparmor/src/.libs" \
        TESTBUILDDIR=$(pwd) \
        CFLAGS="$RPM_OPT_FLAGS -I../libapparmor/src"

# utils
pushd utils

# mod_apparmor
pushd changehat/mod_apparmor
%make   LIBAPPARMOR_FLAGS="-L../libapparmor/src/.libs -lapparmor -I../libapparmor/src" \

# dbus
pushd management/apparmor-dbus
export LDFLAGS="-L../../changehat/libapparmor/src/.libs -L../../../changehat/libapparmor/src/.libs"
export CFLAGS="$RPM_OPT_FLAGS -I../../changehat/libapparmor/src -I../../../changehat/libapparmor/src"

# gnome applet
pushd management/applets/apparmorapplet-gnome
./ --prefix=%{_prefix} --libexecdir=%{_libexecdir}

rm -rf %{buildroot}

# lib
pushd changehat/libapparmor
%makeinstall_std LIB=%{_lib} LIBDIR=%{_libdir}
mkdir -p %{buildroot}%{perl_vendorarch}
# XXX - for some reason, on i586 builds this file is not copied
install -m 0644 swig/perl/ %{buildroot}%{perl_vendorarch}
# fix some perms
find %{buildroot} -type f -exec chmod 0644 {} \;

# parser
pushd parser
%{makeinstall_std} DISTRO=redhat TESTBUILDDIR=$(pwd)

# profiles
pushd profiles
%{makeinstall_std} EXTRASDIR=%{buildroot}%{_sysconfdir}/apparmor/profiles/extras
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/apparmor.d/

# pam
pushd changehat/pam_apparmor
%{makeinstall_std} SECDIR=%{buildroot}/%{_lib}/security

# utils
pushd utils
%{makeinstall_std} PERLDIR=%{buildroot}%{_libdir}/perl5/vendor_perl/Immunix

# mod_apparmor
pushd changehat/mod_apparmor
%{makeinstall_std} APXS_INSTALL_DIR=%{_libdir}/apache-extramodules
mkdir -p %{buildroot}%{_sysconfdir}/httpd/modules.d
install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/modules.d/

# dbus
pushd management/apparmor-dbus

# gnome applet
pushd management/applets/apparmorapplet-gnome

# remove profiles shipped elsewhere
rm -f   %{buildroot}%{_sysconfdir}/apparmor.d/sbin.rpcbind \
        %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.traceroute \
        %{buildroot}%{_sysconfdir}/apparmor.d/ \
        %{buildroot}%{_sysconfdir}/apparmor.d/bin.netstat \
        %{buildroot}%{_sysconfdir}/apparmor.d/sbin.syslogd \
        %{buildroot}%{_sysconfdir}/apparmor.d/sbin.klogd \

%post -n %{libname} -p /sbin/ldconfig

%postun -n %{libname} -p /sbin/ldconfig

%post parser
%_post_service apparmor
%_post_service aaeventd

%preun parser
%_preun_service apparmor
%_preun_service aaeventd

%post -n apache-mod_apparmor
if [ -f /var/lock/subsys/httpd ]; then
        %{_initrddir}/httpd restart 1>&2;

%postun -n apache-mod_apparmor
if [ "$1" = "0" ]; then
        if [ -f /var/lock/subsys/httpd ]; then
                %{_initrddir}/httpd restart 1>&2

%posttrans profiles
/sbin/service apparmor condreload

rm -rf %{buildroot}

%files -n %{libname}
%doc changehat/libapparmor/COPYING.LGPL
%attr(0755,root,root) /%{_libdir}/*.so.*

%files -n perl-libapparmor

%files -n %{develname}
%attr(0644,root,root) %{_libdir}/*.so
%attr(0644,root,root) %{_libdir}/*.la
%attr(0644,root,root) %{_libdir}/*.a
%attr(0644,root,root) %{_includedir}/sys/*.h
%attr(0644,root,root) %{_mandir}/man2/aa_change_hat.2*

%files profiles
%dir %{_sysconfdir}/apparmor.d
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
%dir %{_sysconfdir}/apparmor.d/abstractions
%dir %{_sysconfdir}/apparmor.d/program-chunks
%dir %{_sysconfdir}/apparmor.d/tunables
%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
%config(noreplace) %{_sysconfdir}/apparmor.d/program-chunks/*
%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
%dir %{_sysconfdir}/apparmor
%dir %{_sysconfdir}/apparmor/profiles
%dir %{_sysconfdir}/apparmor/profiles/extras
%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.*
%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/etc.*
%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/sbin.*
%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/bin.*

%files parser
%doc parser/COPYING.GPL parser/README
%dir %{_sysconfdir}/apparmor
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
# no lib64
%dir /lib/apparmor

%files -n pam_apparmor
%doc changehat/pam_apparmor/README changehat/pam_apparmor/COPYING
%attr(0755,root,root) /%{_lib}/security/*.so

%files utils
%dir %{_sysconfdir}/apparmor
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/severity.db

%files -n apache-mod_apparmor
%doc changehat/mod_apparmor/COPYING.LGPL
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/modules.d/B15_mod_apparmor.conf
%attr(0755,root,root) %{_libdir}/apache-extramodules/
%attr(0644,root,root) %{_mandir}/man8/mod_apparmor.8*

%files dbus
%doc management/apparmor-dbus/README management/apparmor-dbus/AUTHORS
%doc management/apparmor-dbus/COPYING

%files applet-gnome

* Thu Jan 17 2008 Thierry Vignaud <> 2.1-1.1076.2mdv2008.1
+ Revision: 154124
- rebuild for new perl

* Tue Jan 08 2008 Andreas Hasenack <> 2.1-1.1076.1mdv2008.1
+ Revision: 146893
- updated to svn revision 1076

  + Olivier Blin <>
    - restore BuildRoot

  + Thierry Vignaud <>
    - kill re-definition of %%buildroot on Pixel's request

* Wed Sep 19 2007 Andreas Hasenack <> 2.1-1.961.5mdv2008.0
+ Revision: 91191
- remove more profiles from standard package: they are shipped in their own packages now

* Wed Sep 19 2007 Andreas Hasenack <> 2.1-1.961.4mdv2008.0
+ Revision: 91061
- drop rpcbind profile, it's shipped in the rpcbind package now

* Fri Sep 14 2007 Andreas Hasenack <> 2.1-1.961.3mdv2008.0
+ Revision: 85766
- bonobo file is under a noarch libdir
- build dbus and gnome applet packages

* Fri Sep 14 2007 Andreas Hasenack <> 2.1-1.961.1mdv2008.0
+ Revision: 85546
- install perl module in arch dir as the makefile does for x86_64 (doesn't seem right, though)
- make it not require an installed libapparmor-devel to build
- added swig to buildrequires
- added profile for rpcbind
- fix default syslog profile
- obsolete apparmor-docs (manpages are in each package now)
- better place for the LibAppArmor module
- build apache-mod_apparmor package
- install
- added utils subpackage
- Import apparmor